The Australian Banking Association (ABA) has slammed proposed privacy and security settings for banking reforms.

As the Federal Government pushes its Consumer Data Right regime for open banking and contestable accounts across utilities, the banking lobby has warned that current privacy and security assumptions need more work.

The ABA has questioned the Privacy Impact Assessment (PIA) for the proposed Consumer Data Right bill, which remains in limbo ahead of the federal election.

The PIA downgraded its assessment of “the likelihood of a third person posing as the accredited data recipient in order to gain access to the individual’s consent information” from ‘possible’ to unlikely.

“The ABA view is that this fails to consider the intentions of fraudulent and criminal actors and cyber criminals who seek to operate using illegal means, and who may be difficult to enforce Australian laws against when located overseas or otherwise difficult to identify given the environment in which they operate, being primarily over the internet,” the ABA said in its submission on the laws.

“This is supported by data reported by the Office of the Australian Information Commissioner (OAIC) showing that the largest cause of data breaches is malicious criminal attacks, such as the theft of personal information or hacking, phishing and other similar events.

“The ABA has identified aspects of the PIA where industry experience would suggest a higher risk likelihood is plausible.

“As the PIA is refined, the ABA suggests that these risk assessments are reconsidered with input from the Rules and Standards that are developed, and also insights from consumer testing and the pilot program.”